Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: Brave Dave on April 30, 2011, 01:11:36 AM

Title: OpenVPN : Monitoring
Post by: Brave Dave on April 30, 2011, 01:11:36 AM

Any tips on Monitoring OpenVPN connections and restarting if the link drops

Title: Re: OpenVPN : Monitoring
Post by: Daniel B. on May 05, 2011, 10:59:33 AM

I'm not sure which OpenVPN contrib you're talking about, but you shouldn't have to do anything. OpenVPN monitor the link itself, and will reconnecte as soon as the Internet link is available again.

Title: Re: OpenVPN : Monitoring
Post by: Brave Dave on May 10, 2011, 11:39:06 PM

This is the OpenVPN SiteToSite Contrib

It's very good, but it does drop

I've been monitoring it by a ping every 3 minutes and restarting it if necessary, and this is not too bad, but it's not perfect

I'm using this;

Code: [Select]

#!/bin/bash
res=`ping -c 1 192.168.70.5 -w 5 | grep received | awk '{ print $4;}'`

if [ "$res" == "0" ]; then
    /usr/bin/logger "VPN Down: Attempting Restart .."
    /etc/init.d/openvpn-s2s stop
    sleep 5;killall openvpn
    sleep 5;/etc/rc.d/init.d/openvpn-s2s start

    /usr/bin/logger "VPN Down: Attempted Restart .."
#else
#    /usr/bin/logger "VPN Ok: $res"
fi


Title: Re: OpenVPN : Monitoring
Post by: Daniel B. on May 11, 2011, 09:29:46 AM

It should be re-connecting automatically, can you check the logs (/var/log/openvpn-s2s/) when OpenVPN is down ?

Title: Re: OpenVPN : Monitoring
Post by: Brave Dave on May 17, 2011, 12:40:55 AM

Hi this took a while had to disable the checking and wait for an issue, but I get this

Thu May  5 11:45:47 2011 RESOLVE: Cannot resolve host address: thetarget.com: [TRY_AGAIN] A temporary error occurred on an authoritative name server.

This started coming through every .. twice a minute, 3 x a minute sometimes. I'm probably thinking the internet was down for a while; but it didn't come up by itself. I ran the monitor script manually and it came up.

Title: Re: OpenVPN : Monitoring
Post by: Daniel B. on May 19, 2011, 09:41:08 AM

This looks like a DNS resolution problem. It's very strange that restarting OpenVPN fixes the issue. If the remote peer has a fixed IP, you could use the IP directly.

Regards, Daniel

Title: Re: OpenVPN : Monitoring
Post by: Brave Dave on May 19, 2011, 09:58:46 AM

Done that (fixed IP)...

This seem like the standard error you get when the link is not up;
The command

Quote

 host thetarget.com

resolves ok

Other techniques for checking work ok e.g.:

Quote

 telnet thetarget.com 25

And it's the same on a couple of installs (I've seen it during setup when the other end isn't up to receiving)

Title: Re: OpenVPN : Monitoring
Post by: Brave Dave on May 23, 2011, 02:20:34 AM

Hi Have a live error at the moment
... The host has been down -likely 10 -12 hours, and is now up, the client has not, the message is in the logs, in order to reconnect I have to restart, the monitoring script will fix it when I run it .. and did ...

Ok, question - can I restart just one vpn (this client connects to two servers). My script restarts the whole server ...

Title: Re: OpenVPN : Monitoring
Post by: Gert on June 08, 2012, 09:33:18 AM

Thank you Brave Dave, your solution saved my life.